|By Ibrahim Haddad||
|September 27, 2004 12:00 AM EDT||
The battle between IT professionals and those who use the Internet for destructive purposes is raging - and there's no end in sight. Reports of computer crime and incidents from the CERT Coordination Center at Carnegie Mellon University more than double each year and are expected to rise. Meanwhile, viruses and worms continue to take down organizations for days. In the following interview, I had the opportunity to talk with cyber security experts Ajay Gupta and Scott Laliberte about their latest book, Defend I.T.: Security by Example (Addison-Wesley, 0-321-19767-4). We discussed who is winning the cyber-security war and what some of the most overlooked security measures are. Read on for the rest of the story.
Tell me about your book.
Defend I.T. is a collection of case studies from our experiences in the field. These case studies are representative of the vast array of security consulting engagements we see in the computer security, forensics, and data privacy arena.
How is this book different from the vast majority of security books that are currently on the market?
It consists entirely of case studies, which is different. Topics range from war dialing, wireless security, computer viruses, computer forensics, HIPAA assessment, and social engineering. People tend to relate better and comprehend more when issues are presented as real-life examples.
Why did you write this book?
When writing Hack I.T., the single most consistent recommendation from our reviewers was for more case studies. We thought of writing a book strictly on case studies, and providing the entire view: what was in place before, the issue at hand, what was done in response, and what may have been done differently to avoid the situation.
Information security is a challenging area. Organizations face security issues every day, but due to the need for confidentiality around these issues they're reluctant to share lessons learned with their peers and other organizations. This book fills a need. We are providing the lessons learned in an anonymous fashion so readerscan benefit from our experience as well as the experience of other organizations.
How is it most relevant to the security community and/or Linux community?
Defend I.T. attempts to illustrate the breadth and scope of knowledge a security consultant should have - covering both the technical and soft skills necessary to be successful in the field.
As we stated earlier the book provides perspective and advice on real-life security issues many organizations are struggling with. Whether the OS is Linux or Windows-based, the issues are similar. The cases cover many OSs and issues your readers would be dealing with.
How can this book help my business/why should I buy it?
It allows businesses to learn from the mistakes - and successes - of other organizations' responses to (commonly occurring) security incidents.
It's apparent that security "incidents" are occurring all the time. Each day you can see a new headline highlighting the latest incident that has occurred. The CERT Coordination Center reported that for the year 2003 there were 138,000 incidents, a 68% increase in the number of incidents reported in 2002 (82,000 incidents) and over six times the 21,000 incidents reported in 2000.
Who has the upper hand these days, hackers or IT professionals? Who is winning the war?
That's a difficult question to answer. Awareness is going up and more organizations are starting to spend money to improve security. Often we're seeing organizations throwing money and software products at security problems without having the strategy, procedures, or expertise to properly and effectively use them. The security community has come a long way, but so have the attackers. The attacks are constantly evolving and respond to each improvement in security. It's too early to tell who's winning.
What are some of the most overlooked security measures?
Strategy and procedures - organizations throw money and security products at security problems without the proper planning or the expertise to best leverage their investment. Also, password strength (or the lack of strength in their passwords) continues to be overlooked.
Companies are getting better at updating their antivirus software and running virus scans on a daily basis; however, given the increasing frequency and severity of viruses, worms, Trojans, spyware, and malicious code, this is an area that demands constant vigilance. Related to this point, most companies allow HMTL-enabled e-mails onto their e-mail servers. Malicious code is often coded right into the HTML and simply opening the e-mail can execute and launch a virus. Firms may want to look at going to text-only e-mails for added security.
About Ajay Gupta and Scott Laliberte
Ajay Gupta, CISSP, founder, and president of Gsecurity, is an expert on cyber security, secure architecture, and information privacy. Gsecurity provides cyber security and data privacy services to federal, state, and local governments, as well as commercial clients in the educational, financial, and health-care sectors.
Scott Laliberte is one of the leaders of Protiviti's Global Information Security Practice. He has extensive experience in the areas of information systems security, network operations, incident response, and eCommerce.
Ajay and Scott are also coauthors of Hack I.T. - Security Through Penetration Testing (Addison-Wesley, 0-201-71956-8)
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
Apr. 19, 2015 05:00 PM EDT Reads: 583
With IoT exploding, massive data will transform businesses with opportunities to monetize almost anything that can be measured. In this C-Level Roundtable Discussion at @ThingsExpo, Brendan O’Brien, Aria Systems Co-founder and Chief Evangelist, will lead an expert panel of consultants, thought leaders and practitioners who will look at these new monetization trends, discuss the implications, and detail lessons learned from their collective experience. Finally, the panel will point the way forward for enterprises who wish to leverage the resulting complex recurring revenue models, adding valu...
Apr. 19, 2015 05:00 PM EDT Reads: 1,436
How is unified communications transforming the way businesses operate? In his session at WebRTC Summit, Arvind Rangarajan, Director of Product Marketing at BroadSoft, will discuss how to extend unified communications experience outside the enterprise through WebRTC. He will also review use cases across different industry verticals. Arvind Rangarajan is Director, Product Marketing at BroadSoft. He has over 19 years of experience in the telecommunications industry in various roles such as Software Development, Product Management and Product Marketing, applied across Wireless, Unified Communic...
Apr. 19, 2015 04:00 PM EDT Reads: 1,600
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) application providers dating back to 2004. Cybozu's kintone.com is a leading global BYOA (Build Your O...
Apr. 19, 2015 03:30 PM EDT Reads: 640
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements around Unified Networks, Cloud Computing strategies, Virtualization around Software defined Data Ce...
Apr. 19, 2015 02:00 PM EDT Reads: 1,429
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
Apr. 19, 2015 12:00 PM EDT Reads: 2,088
What exactly is a cognitive application? In her session at 16th Cloud Expo, Ashley Hathaway, Product Manager at IBM Watson, will look at the services being offered by the IBM Watson Developer Cloud and what that means for developers and Big Data. She'll explore how IBM Watson and its partnerships will continue to grow and help define what it means to be a cognitive service, as well as take a look at the offerings on Bluemix. She will also check out how Watson and the Alchemy API team up to offer disruptive APIs to developers.
Apr. 19, 2015 12:00 PM EDT Reads: 1,492
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquired by Aditi Technologies. He is a Microsoft Regional Director for Hyderabad, India, and one of the f...
Apr. 19, 2015 12:00 PM EDT Reads: 1,110
SYS-CON Events announced today that SoftLayer, an IBM company, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015 at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place November 3–5, 2015 at the Santa Clara Convention Center in Santa Clara, CA. SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from ...
Apr. 19, 2015 08:45 AM EDT Reads: 2,416
SYS-CON Events announced today that Cisco, the worldwide leader in IT that transforms how people connect, communicate and collaborate, has been named “Gold Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cisco makes amazing things happen by connecting the unconnected. Cisco has shaped the future of the Internet by becoming the worldwide leader in transforming how people connect, communicate and collaborate. Cisco and our partners are building the platform for the Internet of Everything by connecting the...
Apr. 19, 2015 08:30 AM EDT Reads: 5,633
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
Apr. 19, 2015 08:15 AM EDT Reads: 3,716
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
Apr. 19, 2015 08:00 AM EDT Reads: 4,894
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will meet your customers' needs of tomorrow - today! Ciqada. Let your products take flight. For more inform...
Apr. 19, 2015 08:00 AM EDT Reads: 1,638
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool f...
Apr. 19, 2015 07:30 AM EDT Reads: 1,508
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applications - creating more engaging experiences for their customers and boosting collaboration and productiv...
Apr. 19, 2015 07:00 AM EDT Reads: 2,304
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
Apr. 19, 2015 07:00 AM EDT Reads: 2,336
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
Apr. 19, 2015 06:45 AM EDT Reads: 2,549
SYS-CON Events announced today that On the Avenue Marketing Group, a sales and marketing firm that utilizes events to market and sell products to consumers, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. On the Avenue Marketing Group (OTA) is a sales and marketing firm that utilizes events to market and sell products to consumers. On behalf of our clients, we attend thousands of fairs, festivals, expos, concerts, conferences, and sporting events annually, helping them reach millions of individuals ...
Apr. 19, 2015 06:30 AM EDT Reads: 3,184
SYS-CON Events announced today that BroadSoft, the leading global provider of Unified Communications and Collaboration (UCC) services to operators worldwide, has been named “Gold Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BroadSoft is the leading provider of software and services that enable mobile, fixed-line and cable service providers to offer Unified Communications over their Internet Protocol networks. The Company’s core communications platform enables the delivery of a range of enterprise and consumer calling...
Apr. 19, 2015 06:30 AM EDT Reads: 2,211
SYS-CON Events announced today that ActiveState, the leading independent Cloud Foundry and Docker-based PaaS provider, has been named “Silver Sponsor” of SYS-CON's DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. ActiveState believes that enterprises gain a competitive advantage when they are able to quickly create, deploy and efficiently manage software solutions that immediately create business value, but they face many challenges that prevent them from doing so. The Company is uniquely positioned to help address these challenges thro...
Apr. 19, 2015 06:15 AM EDT Reads: 2,799